package com.adou.shiro.filter;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class RoleFilter extends AccessControlFilter{

    private static final Logger logger = LoggerFactory.getLogger(RoleFilter.class);

    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {

        Subject subject = getSubject(servletRequest,servletResponse);
        if (o != null) {
            String[] arra = (String[]) o;
            for (String role : arra) {
                if (subject.hasRole(role)) {
                    return Boolean.TRUE;
                }
            }
        }
        //ajax异步请求业务逻辑

        return Boolean.FALSE;
    }

    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        Subject subject = getSubject(servletRequest, servletResponse);
        subject.logout();
        return Boolean.FALSE;
    }

}
